CVE-2002-0521

Name of the Vulnerable Software and Affected Versions ASP-Nuke versions prior to RC2

Description The issue allows remote attackers to execute script or gain privileges as other ASP-Nuke users. This can be achieved via script in the name parameter in "downloads.asp", the message parameter in "Post.asp", or a web site URL in "profile.asp".

Recommendations For ASP-Nuke versions prior to RC2, consider disabling the affected parameters, such as name in "downloads.asp", message in "Post.asp", to minimize the risk of exploitation until a fix is available. Restrict access to "profile.asp" to prevent attackers from using a malicious web site URL.